Wednesday, June 29, 2022

Map Your Vendors to CMMC Processes

Here's an idea to consider: The next time you get a pitch from a vendor, ask this a simple question:

How does this product/service/solution map to CMMC processes and practices?

By now, I'm sure you've noticed that more and more government agencies are turning to NIST (The National Institute of Standards and Technology) and their Cybersecurity Framework for guidance on "best practices" for securing technology. See the official description of NIST's Cybersecurity Framework here:

The NIST SP-800-171 standard has been used by government (specifically military) contractors to demonstrate cybersecurity readiness. A few years ago, the Department of Defense created the Cybersecurity Maturity Model Certification (CMMC) to create standards of compliance so that organizations could demonstrate their "cyber hygiene" as measured against the NIST SP-800-171 standard.

In other words . . . instead of self-attesting that they are compliant, organizations can demonstrate to outsiders that they are compliant. And BOOM! an entire industry was born around compliance training, compliance auditing, and compliance testing.

What CMMC Should Mean to Managed Service Providers

Lots of people have jumped on the bandwagon of training and using CMMC in their businesses, and in offering services to their clients. That's great.

I would encourage you to take another step - and put a little pressure on your vendors. Simply ask the question: How does this product/service/solution map to CMMC processes and practices? See the graphic from the official NIST slide deck.

How do I map your amazing, AI-enhanced, fully buzzword-compliant widget to the capability domains defined in one or more of the five levels of CMMC compliance?

In fact, I recommend that you build a spreadsheet with each of the knowledge areas and define how each specific product or service helps you achieve compliance in that area. For example:

Access Control - [Vendor] [Product]

Incident Reponse - [Vendor] [Product]

Risk Management - [Vendor] [Product]


You need to look for two things on this spreadsheet: Gaps and Overlaps. I can pretty much guarantee that you'll have overlaps. These are areas addressed by more than one vendor/product. More importantly, look for the gaps that aren't addressed by any of the products or services you use.

After all that, you should get with your team and discuss whether you have the right mix. Is THIS the product you want to use to provide THAT compliance? If not, create a change plan. 

Also, make sure you go back to your vendors. Ask then how they map their products and services to CMMC compliance. Ask them if one of their products can fill your gaps. Remember, it might be as simple as using a feature you hadn't explored or didn't know about. Training from your vendors will help you choose the combination of products that you want to use going forward.

It's easy for vendors to throw up a slide deck and tell you how they plan to make the world safe from evil, amazing, AI-enhanced, fully buzzword-compliant attacks. But more and more, your company's success will be tied to your ability to demonstrate that you provide auditable compliance with a security framework that is truly growing to be a standard in the industry.

I would love to see every vendor add a slide that specifically maps their product or service to a specific piece of the CMMC security framework.

Feedback welcome.

- - - - -

A few sources:


Tuesday, June 28, 2022

Managing Your Service Board - 5-Week Course Starts July 5th

Managing Your Service Board

5 Consecutive Tuesdays

Starts: Jul 05, 2022

Ends: Aug 02, 2022

9am Pacific - 50 minutes

Handouts & Resources

Register Now - Only $299

Learn how to properly set up, develop core SOPs and adopt daily procedures that make your service board work better than ever.


This course covers the most important pieces of making your PSA (Professional Services Administration) service board work effectively. Your PSA is the brain center of your entire operation.

Most Managed Service Providers don’t use their PSA systems efficiently. In fact, most of them only use 10-20% of the capabilities of their PSA. This costs you money because you have the tool to run everything in your business more effectively. But if you don’t put the right information into the tool, then you can’t get the reports you need to improve your business.

This course covers the daily operation of a managed service business – or any IT shop with a service board and one or more technicians who execute the service. It assumes you have a service board or PSA (Professional Services Administration) and a service manager.

Whether you sell “break fix” or flat fee services, a service board will take your company to the next level – if you use it right. In addition to covering setup and core standard operating procedures, we’ll get into the “nitty gritty” of running a service board and managing the service department.

Which PSA?

I used ConnectWise for four years in my business. Then I switched to Autotask and used that for five years. Eventually, I moved to SolarWinds and used that for more than five years.

On top of all that, I’ve worked closely with coaching client who have used all of these products. This course is intended to apply to all PSAs. I will point out areas where differences are most obvious.

You will learn:

  • How tickets should flow into, through, and off of the service board
  • How to set up the core components of a service board
  • Priorities
  • Statuses
  • Workflows
  • Time Estimates
  • The most important processes and procedures for making the board work effectively once it’s set up
  • Introducing new processes to you employees
  • Getting clients to understand the new processes
  • Time tracking the right way
  • The most important reports you need to run
  • Every Day
  • Every Week
  • Every Month
  • When it’s time for client renewals
  • Avoiding the biggest pitfalls with service board management
  • Building an Action Plan that works

Additional Topics Include:

  • Welcome to the Service Department
  • After Hours Work
  • On Call and Night Staff
  • Managing Internal Administrative Tasks
  • Assign Techs or Rotate Them?
  • Approved Tools
  • Employees in The Tech Department
  • Technician Daily Time Management — includes daily work flow
  • Time Tracking for Employees
  • The Tech on Call for The Day – Managing Daily Workflow
  • How to Maximize Billability of Technicians
  • Email Rules and Etiquette for the Consultant
  • Technician Supplies
  • Final Friday Training
  • Troubleshooting Guidelines
  • Troubleshooting and Repair Logs
  • Service Delivery Policies and Procedures
  • The First Client Visit
  • Guide to a Service Call
  • The Network Documentation Binder – NDB
  • Response Times – Guarantees and Delivery
  • Time Entry and Note Entry in Service Tickets
  • Information Sharing
  • Service Board Backlog Management
  • Daily Monitoring of Client Machines
  • Patch Management Philosophy and Procedures
  • Setting Up Alerts in Your PSA and RMM
  • New PC Checklists
  • Server Down Procedures
  • Third Party Tech Support – Documenting Calls
  • Third Party Tech Support – Rules of Engagement
  • Document Pouches
  • Service Focus: Monthly Maintenance
  • Why We Do Monthly Maintenance
  • Scheduling Monthly Maintenance and On-Site Visits
  • Checklist for Major Scheduled Maintenance
  • The Monthly Maintenance Checklist
  • Monthly Single Checklist
  • Outsourcing (some) of Your Monthly Maintenance
  • Backup Monitoring, Testing, and Management
  • Disaster Recovery – An Overview

Specialist Certification Pathways

Meets Certification Requirements for:

  • Management
  • Technician
  • Service Manager

Course Outline

Unit 1 Core Components / Building Blocks of a Great Service Board

Unit 2 Core Processes and Procedures for Success / Time Tracking the Right Way

Unit 3 Implementation and Daily Processes

Unit 4 A Day in the Life of the Service Desk / Policies that Drive Profitability

Unit 5 Build and Maintain a Well-Oiled Machine / Getting the Details Right


Monday, June 27, 2022

Everyone Should Attend ChannelCon - on Me!

OK. Good clean fun:

1) Everyone should attend CompTIA's ChannelCon event. Seriously. If nothing else, register so you can get the content that's streamed and all the related materials.

2) You should use the code use the code CC22SmallBiz to register free.

. . .

and 3) There's a bit of a friendly competition. But that doesn't mean I want to lose. So PLEASE use my code and register today.

See, I got this taunting email today. Sophos is ahead of us and Lifecycle Insights/OIT VOIP is right behind us. We want to be the clear winner by a mile.

But we need your help.

Answer This Simple Quiz

Q: Are you registered for ChannelCon in Chicago, August 2-4?

A1: If you said YES, great. Please drop by booth 517 for a hearty handshake and a slap on the back. And consider buying me a beer.

A2: Not Sure. That's okay. Click here: to register right now, use the code CC22SmallBiz to register free. Just to be safe.

A3: NO. Well, then you definitely need to register using our code! Click this link and follow the prompts: Attend ChannelCon FREE on Me!


I am a member of CompTIA and have been on various councils and forums for years. THE event of the year is CompTIA's ChannelCon event.

This is literally one of those events where it seems like "everyone" is attending. So your Facebook, LinkedIn, and Twitter will explode with pictures of everyone you know at ChannelCon. 

If you don't register, you will be very sad. Co-workers will find you sobbing at your desk. Nobody wants that. Please do yourself a favor and register today! 

On me. 

So SBT gets the credit. So we can beat Sophos and put some distance between us and Lifecycle Insights/OIT VOIP. 

And that means you can attend for free, compliments of Small Biz Thoughts!

Please Click Here to Register.

( )

And use the code CC22SmallBiz to register free.

ChannelCon 2022 is your chance to get back in the groove—an opportunity to reconnect and reinvigorate your business and your career. ChannelCon serves up a great playlist of information, tools, and networking opportunities. Join other tech innovators and thought leaders live for three days of learning, collaborating, and skill development.

Check out the whole agenda here:

Be a guest of Small Biz Thoughts

CompTIA ChannelCon 2022

August 2-4 in Chicago.

MEET US at booth 517!

Register now and I’ll see you at ChannelCon.


Tuesday, June 14, 2022

My MSP's Mission and Vision

My Mission/Vision Statements - 1995 to today.

We get mail . . . 

Marty asked me a simple question recently: What was my mission statement at KPEnterprises (my first managed service business)?

Like most small businesses, my first company was founded with no mission statement. I wanted to make money. I knew I could design and build networks. I knew I could learn new technologies. I knew I could consult on business and on strategy. So I started trading dollars for hours. Of course things evolved over time.

I founded KPE in 1995. But I'm a reader. So I gobbled up a few hundred business books, and thousands of hours of audio while driving all over town. And within a few years, I started actually working on my vision and mission. (Side note: The luckiest thing that ever happened to me in business is that someone recommended The Emyth Revisited to me when I first started my first business.)

All that started to come together at the end of 1999 and beginning of 2000. And that, coincidentally, is when I was diagnosed with rheumatoid arthritis. So, I was going through a very difficult and extremely painful personal journey while growing my business and getting my arms around a meaningful mission.


Everyone has a slightly different take on these things. To me, a vision statement is literally what the future will look like. And the mission statement defines what it takes to make that vision come true. So the two are definitely related.

Here is the KPEnterprises discussion of Mission from our 2005 business plan. At this time, I was preparing to publish my first book for IT consultants. The company was growing nicely, and had six employees.

About the same time, I laid out my personal values, vision, and mission in the book Relax Focus Succeed. These are essentially unchanged today. The following is on the bulletin board next to my writing/reading desk in my study:

1.  My Values and Principles

  • Honesty, Integrity
  • Fairness
  • Good Personal Relationships
  • Healthy Life/Long Life
  • Helping Others

2.  My Vision

  • My vision is to inspire success through a balance of serving myself and serving others.
  • My motivations are:
    • Accomplish things
    • Relax
    • Heal
    • Help my family and other people
    • Grow personally and professionally
  • Notes on My Vision:
    • My vision is not to reach a point and then stop.  I want to be the kind of person who can simply continue doing what I enjoy forever.
    • I want to combine the “Me at work” with the “Me as father,” “Me as an individual,” “Me as a moral being,” etc.
    • I don’t want to be an atomistic, schizophrenic person.  I don’t want to behave one way in church and another at work.
    • I have goals for the various parts of my life, but they complement each other, they don’t fight each other.

Skip ahead a bit. In 2010, KPEnterprises had grown quite a bit. Great Little Book Publishing had been spun off as a separate company (now operating with the dba Small Biz Thoughts). I owned two companies with about fifteen employees operating out of the same office space. We had moved 100% of our clients to managed services and our largest fifteen clients to our cloud "five pack" offering. 

The 2010 KPEnterprises business plan had the following notes on the mission statement:

All of which, in case you're interested, brings us to the mission of Small Biz Thoughts.

My current company, Small Biz Thoughts, runs an online membership community and a training company dedicated to IT consultants. We are also a bit of a "media" company, publishing my books, blogs, podcasts, videos, and whatever else I can think of. And we provide some services to vendors in the space, primarily through advertising or speaking at events.

We have three W2 employees, including myself. We also have three 1099 contractors who work for us all the time. And, because it's the 21st Century, we have about five more contractors who work for us on an as-needed basis.

From our 2022 business plan:


Our Mission is simple and powerful: We help IT professionals to be more successful on the business side of their business.

Ultimately, Small Biz Thoughts seeks to change the SMB IT industry through information and thought leadership. These are accomplished through writing, speaking, education, and activism intended to redefine the industry to make it more honest, more competent, and more professional.

This mission is built on Karl Palachuk’s personal Values and Principles:

  • Honesty, Integrity
  • Fairness
  • Good Personal Relationships
  • Healthy Life/Long Life
  • Helping Others

And Karl’s personal motivations:

  • Accomplish things
  • Relax
  • Heal
  • Help my family and other people
  • Grow personally and professionally

And, just for completeness, here's the code of ethics in our business plan:

Code of Ethics

Small Biz Thoughts (Great Little Book, IT Service Provider University, SBT, SMB Community Podcast, etc.) is fundamentally a company designed around the concept of helping others to be successful. We literally exist to help as many people as possible to be successful. To that end, we have adopted the following Code of Ethics to drive our behavior and interactions inside and outside our company.

  • We are honest. In our work with clients, prospects, and strangers, we are committed to honesty at all levels. This drives several elements of our behavior.
  • We are competent. That means we know what we’re doing, or we don’t do it. It also means that we are constantly dedicated to learning new things. We are committed to never-ending education in a world that is always changing.
  • We only work with people we like. This includes employees, clients, vendors, distributors, advertisers, etc. We treat everyone with respect, both publicly and behind closed doors. In turn, we insist that the people we work with treat us and others with respect.
  • We are committed to work-life balance. Relax Focus Succeed. We certainly work hard, but we are committed to giving our employees time to relax, charge their batteries, and then come back to work with renewed creativity and productivity.
  • We are fair, professional, and compassionate. This is a bit like the “golden rule” of a service business. We treat everyone (employees, clients, vendors, etc.) as we would like to be treated. We remember every day that we are people working with people.
  • We are committed to Diversity, Equity, and Inclusion. Of course we work hard not to discriminate. But beyond that, we are committed to making everyone feel welcome to show up as their whole selves. This approach welcomes a great variety of “different-ness” and creativity to work its way into our daily operations.

-- -- --

Some people doubt the sincerity of some or all of this. I honestly don't care. I believe that people who work with me and Small Biz Thoughts find that we "walk the talk." 

Yes, we want to make money. But our focus is on service, with the belief that money will follow. 

Starting way back in 2000, I have had people who belittle me and my companies from time to time for thinking small and not collecting piles of cash. I've had people dismiss me because I run a "lifestyle" business instead of a business focused on squeezing the last dollar out of every prospect.

But here's the important piece for me: I am happy.

When there's no intergalactic pandemic, I travel to five or six countries a year, on at least two or three continents. I live where I want, eat what I want, drink what I want. I have friends all over the world. Almost everything in my life is completely free of stress.

I jokingly tell people, "If you could be anybody, you'd want to be me." But it's true. After more than twenty-five years of running businesses the way I want to run them, I have built exactly the life I want.

Many of you have heard me say these words from the stage:

A small business exists to fulfill the dreams and desires of the owners.

My business fulfills my dreams. And therefore, I declare it a success.

-- -- -- 

What's YOUR mission?


Monday, June 13, 2022

Regulation Conversation: Lessons from the Transportation Industry

Can IT the consulting industry regulate themselves?

In the last post,  HERE, I talked about some lessons we can learn about industry regulation from automotive repair. In this post, I want to look at some lessons from transportation - specifically, taxi cabs and the Uber/Lyft/rideshare industry.

The history of Uber and Lyft (etc.) is really a tale of an industry that could NOT be regulated effectively, so the market stepped in with a harsh alternative. But, more importantly, it's also the tale of an industry that refused to regulate themselves.

For you young people out there, the taxi industry has been famous for over a hundred years for giving horrible service with a bad attitude. Until about a dozen years ago, taxi cabs were often poorly maintained, unclean, unsafe, smelly vehicles. They were better in smaller towns and much worse in the largest cities.

On top of that, taxi drivers ("cabbies") regularly ripped off their passengers. They didn't start the meter, and then over-charged riders. They outright refused to charge the rates posted. They would drive out-of-towners by long, circuitous routes to run up the bill. They pretended that their credit card machines were broken, so you had to pay cash, so the cabby could pretend the fare never happened and rip off their company while not paying the taxes on income.

In many cities, most famously New York, taxi licenses (medallions) are limited. So drivers or companies had to pay a lot of money for a license. But once they had a license, they were part of a monopoly service. They had very limited competition. 

Taxi prices are regulated pretty much everywhere. And there are lots of regulations. But drivers regularly ignore these regulations because they are essentially unenforceable. Prices are often limited by various schemes. For example, within a certain area, it's one price. If you drive to a different part of town, it's another price. But if drivers believe you're going a short distance, they simply refuse to pick you up.

Lots of rules and regulations did not improve service. You could virtually guarantee that you were going to get ripped off and have a bad experience when you got in a cab. The only protection you had was experience to arrange payment beforehand, agree on the price, remind them to start the meter, and let the cabby see you map the route on your phone. In other words, you had to be a savvy driver or get ripped off.

Then Uber came along, and Lyft inside the U.S. 

Rideshare increased the feeling of security. Instead of seeing a "license," the rider got to meet a driver with a name who was connected through an app. There was no haggling about price. You know the price before you request the ride. There's no rip-off because the payment takes place somewhere in the cloud. 

And as silly as it sounds today, the car is clean. It is maintained. It doesn't smell bad. And, on top of all that, you are greeted with bottled water, mints, friendly conversation, and a cell phone charger. The driver takes the route promised and you pay the price agreed upon. And everything you (and they) do is tracked in the app.

All of the problems with taxis were "fixed" by the market. Taxi services railed against rideshares with a lot of bogus arguments about quality and safety. But rideshare not only fixed the taxi experience, they also improved on it.

Here's the important part: The taxi industry could have fixed themselves, but they refused to.

Government regulation can be (often is) ineffective. Sometimes, industries have to fix themselves. When they don't, the result is both more regulation and a changing market that punishes the bad actors. 

Ultimately, very few industries fix themselves when things go wrong. Bad norms evolve over time. Sometimes, self-regulation helps, but it's very hard to do.

This is where the IT Consulting industry is today.

We have a lot of bad actors. I follow a lot of the conversations on Reddit, Facebook, and various forums. I am appalled at the stories I read - but we all know they're true. People create abusive contracts that are probably unenforceable, but clients sign them and never consider going to an attorney. MSPs sign contracts that they don't deliver the services. They abuse licensing agreements. They blame software and hardware developers when the problem is their own incompetence. They abuse their employees and falsify records.

All those bad actors hurt the industry. They hurt you and all the good, competent consultants out there. 

But consider this: Most taxi drivers were honest before Uber. Most of them did not rip off their passenger. Most of them worked hard for decades because that medallion represented their retirement. In a monopoly market, the cost for a medallion might go up 400%. So drivers often got the equivalent of a mortgage to buy a medallion, knowing it would pay for their old age when they sold it. That market crashed when it became clear that Uber and rideshare are here to stay.

The reputation of the entire industry was hurt by the actions of the worst bad actors. And, ultimately, everyone suffered, even if they didn't contribute to the problem. 

Our industry is at a critical point. We cannot ignore it. The excesses of the worst actors hurt us all. I suspect we are more like the taxi industry than the automotive industry. Regulation will have minimal effectiveness. And, more importantly, WE can fix a lot of problems before the market fixes it for us.

Complacent industries are the ones most likely to be disrupted.

If an industry can regulate itself effectively, we won't find ourselves being regulated from the outside by government agencies that don't really understand what we do for a living. I hope the National Society of IT Service Providers will be the voice of our industry and help us to regulate ourselves.

Please check out the NSITSP at Join today. Be involved in the conversation. And help us address the major issues we face industry-wide.

Comments welcome.


[ Previous post mentioned is here: ]

Friday, June 10, 2022

Regulation Conversation: Lessons from the Auto Industry

The IT industry is being regulated. "Not being regulated" is no longer an option. Regulations come from many places, including state and federal agencies. Actual laws are a little ways down the road in most cases. But they're coming.

I thought it would be useful to look at some other industries and how they came to be regulated. One of the most obvious parallels is the automotive repair industry. You can actually look at some of the regulations and tell why they were implemented.

[Disclosure: I come from an auto repair family. My father and two of my uncles made a living as mechanics. My father and one uncle owned gas stations with repair facilities. My father had a side business rebuilding Volkswagens into custom dune buggies. I have brothers and cousins by the dozens who have been professional or amateur mechanics.]

If you engage a mechanic today, your experience generally goes like this:

  • They look at your car
  • They give you an estimate for the work
  • You go away and they start working on it
  • If something is more complicated or difficult than they thought it might be, they contact you and give you a revised estimate
    • You don't feel like you have a lot of options, so you say yes
  • They do the work
  • You pay the bill

As with many, many professions, knowledge plays a big role in the relationship. Even if you're mechanically inclined, the mechanic knows more than you. They have updated knowledge and lots of recent experience. So you pretty much have to believe them.

So honesty is another factor. You have to believe that you have a problem, that it's the problem they identify, and that the fix is appropriate to the problem. On top of all that, you need to believe they are competent. And, if they ever want to see you again, you have to believe that you were dealt with fairly.

This entire discussion is VERY analogous to the IT industry. In fact, the first legislation regulating MSPs in Louisiana was designed to address the IT version of the situation described above. Consultants (which the Secretary of State identifies as Managed Service Providers whether they are or not) were signing contracts with state agencies and then under-performing or not performing the work as described in the contract.

See information on the Louisiana law at

I said we could figure out why regulations were put in place. In the case of the automotive industry, there were obviously lots of mechanics who used their knowledge to engage customers, and then charge them more than they had agreed to. And, in many states (maybe all states), the mechanic can actually place a lien on your car. So if you don't pay them what you owe, they can have your car repossessed or, at a minimum, get their money when you sell the car some day.

In other words: Unscrupulous mechanics were making huge profits by cheating their customers. The laws or regulations that require an estimate and approval of additional charges has not eliminated the problem, but it has three positive effects. First, it has dramatically reduced the number of bad actors in the industry. Second, it has increased consumer awareness of the problem. And, third, it has created an opportunity for the best, most honest mechanics to promote themselves as super-competent and super-honest.

All of those things are good for the consumer. And they have raised the bar with regard to competence and honesty in the automotive repair industry. So, these requirements have been good for honest, competent mechanics as well.

I realize that many people want to treat discussions like this with quick judgments. But the world is a big, complicated place. No matter how much you hate regulation, it's coming. And sometimes, the smallest amount of regulation can make a huge difference - and help us avoid a lot more regulation.

If an industry can regulate itself effectively, we won't find ourselves being regulated from the outside by government agencies that don't really understand what we do for a living. I hope the National Society of IT Service Providers will be the voice of our industry and help us to regulate ourselves.

Please check out the NSITSP at Join today. Be involved in the conversation. And help us address the major issues we face industry-wide.

Comments welcome.


Thursday, June 09, 2022

D&H Adds HPE Greenlake and CTO Capabilities, Creating New Ways For MSPs to Benefit from Consumption-Based Cloud

News from our friends over at D&H . . .

D&H Adds HPE Greenlake and CTO Capabilities, Creating New Ways For MSPs to Benefit from Consumption-Based Cloud

— D&H Selects HPE GreenLake and Configure-to-Order (CTO) Offering to Give MSPs a Sophisticated, On-Premises or Cloud Model for IaaS 

HARRISBURG, PA – June 7, 2022 – D&H Distributing, a major provider of SMB, mid-market, and consumer technologies to the North American channel, announces it has enhanced its relationship with Hewlett Packard Enterprise (HPE), allowing D&H to deliver custom-configured systems based on a wide range of HPE’s software and equipment such as servers, storage, and networking hardware. HPE will factory-assemble solutions based on the end-user’s requirements and ship them to customers on behalf of D&H’s partners, allowing them faster scalability based on a greater variety of non-stockable products. The new Configure to Order (CTO) capability accommodates the evolving demands of end-users in an increasingly complex, modern workplace. 

This is in addition to D&H’s continued focus on the built-to-order (BTO) model as a just-in-time offering, optimized for the SMB market. D&H’s investments in its Modern Infrastructure team will provide additional resources to help partners select the right HPE solution for their needs.  

D&H is also now authorized to sell the innovative HPE GreenLake edge-to-cloud platform, enabling partners to accelerate data-first modernization. The powerful HPE GreenLake solution provides more than 50 cloud services for business end-customers, and can run on-premises, at the edge, in a colocation facility, or in the public cloud. This enhancement to D&H’s portfolio allows the distributor to address a wider variety of cloud computing scenarios for partners via the cost-effective XaaS-based consumption model, whether their data requires on-premises, off-site, or hybrid cloud infrastructures. 

Expanding Infrastructure-as-a-Service (IaaS)

“Our channel partners are working with businesses who are in various stages of digital transformation with unique data needs and dependencies. For example, certain companies might still benefit from keeping business applications or critical workloads on-site, while others could be more comfortable moving those to the cloud,” said Damon Kegerise, D&H’s director, modern infrastructure. “Yet the demand for IaaS and consumption-based delivery is growing, even at organizations that still require on-premises data. D&H’s MSPs can now offer the benefits of HPE’s advanced on-site cloud services to a greater scope of end-customers through a monthly subscription model, allowing them to shift their expenditures from the capital budget to a recurring consumption-based model, and to better accommodate end-to-end technology purchases.”

HPE GreenLake is currently transactional for D&H customers. As part of a forthcoming phase of this initiative, HPE GreenLake will be integrated into D&H’s Cloud Marketplace, allowing solution providers to build measurable solutions around this versatile platform, which will incorporate consumption invoicing and provisioning capabilities. 

“We want to make it easy for partners to build services and solutions around the HPE GreenLake platform as seamlessly as they’ve done with alternative foundational solutions like Microsoft Azure,” added Earl Greer, D&H’s sales director of modern infrastructure. “HPE GreenLake gives partners a complementary way to deliver cloud services, creating a true hybrid solution. Our Modern Solutions team was created to help resellers, VARs, and MSPs accommodate these scenarios, where a multitude of end-user variables need to be managed and accounted for. Partners don’t have to contend with all these conditions alone. They can leverage D&H’s team to create bespoke, end-to-end solutions for a range of circumstances, across an assortment of end-customers.”

“I’m excited about the opportunity to expand our portfolio of cloud offerings with D&H through our HPE GreenLake edge-to-cloud platform,” said George Hope, Worldwide Head of Partner Sales at HPE. “The expansion of our partnership with the HPE GreenLake platform will bring a modern cloud experience to our clients, their apps and their data - enabling them to accelerate their time to innovation, insights and outcomes.”

The expansion into HPE GreenLake with CTO capabilities falls under D&H’s Modern Infrastructure initiative, a sub-category of its new Modern Solutions Business Unit. The unit offers a consolidated team helping channel partners better meet the rapidly developing needs of the marketplace, supporting the deployment of hardware, software, services, financing, and more from end-to-end. D&H will explore the details of its Modern Solutions and Modern Infrastructure offerings, the HPE GreenLake platform and CTO offerings at its Mid-Atlantic Hershey THREAD partner event, scheduled for June 15, 2022, at the Hershey Lodge and Convention Center, Hershey, Pennsylvania. Partners can email [email protected] for more on this category, or visit for event information.

D&H solution providers can also visit or browse the distributor’s Facebook and Twitter feeds, and @dandh. Call 800-877-1200 to speak to an account representative. 

About D&H Distributing 

D&H Distributing supports resellers and MSP partners in the corporate, small-to-midsize business, consumer, education, and government markets with endpoints and advanced technologies, as well as differentiated services. D&H is ready to fill new market needs created by consolidation in the marketplace. Now heading into its 105th year, its vendors and partners can be confident in its ability to provide a wealth of enablement resources, multi-market expertise, credit options, and consultative services. D&H is agile in response to the needs of its VAR and MSP partners, demonstrating resilience through decades of industry mergers and market disruption, overcoming everything from wars and recessions to pandemics. 

The company works to expand the competencies of its partners in areas such as cloud services, ProAV, collaboration, UCC, mobility, esports, digital displays, smart home automation, video surveillance, digital imaging, and server networks across a range of markets. Its value proposition includes highly lauded training opportunities and partner engagement events, dedicated Solutions Specialists, certifications, professional marketing resources, and an expanding digital Cloud Marketplace. 

The distributor is headquartered in Harrisburg, PA, in the U.S. and Brampton, Ontario, in Canada with warehouses in Atlanta, GA; Chicago, IL; Fresno, CA; and Vancouver, BC, Canada. Call D&H at (800) 877-1200, visit, or follow the distributor’s Facebook and Twitter feeds, and @dandh



Wednesday, June 08, 2022

Aite-Novarica Group Report Explores New Managed Security Solution for MSPs Seeking Growth

I received this press release from my friends over at Field Effect . . .

Aite-Novarica Group Report Explores New Managed Security Solution for MSPs Seeking Growth

The firm found MSPs see tremendous growth in managed security services with a hybrid MDR solution.

OTTAWA, ON, June 2, 2022 – Global advisory firm Aite-Novarica Group has published a white paper exploring how MSPs are differentiating their managed security services with the right cyber security solutions and partners. The report, Hands-Free Cybersecurity for SMEs: A Roadmap to MSP Growth, found that hybrid MDR—a solution that protects the entire IT environment—is the best go-to-market strategy for small and mid-sized MSPs building a managed security service. 

“Managed security is table stakes in differentiating your MSP business and finding success in a crowded market. However, between changing client expectations and an expanding threat landscape, MSPs are stretched thin,” said Tari Schreider, Strategic Advisor for Aite-Novarica Group. “With the North American MDR market estimated to exceed US$5 billion by 2025, hybrid MDR is the key to unlocking new growth potential.”

The report, commissioned by global cybersecurity company Field Effect, is based on discussions with five North American MSPs about the impact hybrid MDR has on business growth. 

“MSPs need a hands-free MDR solution that makes it easy to market, sell, and deliver their managed security service—and Field Effect’s Partner Momentum Program fills that need,” said Matt Holland, Field Effect’s Founder and CEO. “Our partners are able to offer their clients the industry’s most complete cyber security solution, priced and built for smaller businesses, with 24x7 access to our team’s expertise.”

Aite-Novarica Group has made this white paper publicly available. To learn more about their research, methodology, and findings, download the full report here:

Field Effect is also hosting a complementary webinar on June 8, 2022, at 11 am EDT. Tari Schreider will speak with executives from two MSPs—Arrowhead Technologies and OT Group—to explore how adding a hybrid MDR solution increased their revenues, simplified operations, and accelerated growth. Register for the live webinar here:


About Field Effect

Field Effect, a global cyber security company, is revolutionizing the industry by bringing advanced cyber security solutions and services to businesses of all sizes. After years of research and development by the brightest in the business, we have pioneered a holistic approach to cyber security. Our complete Managed Detection and Response (MDR) solution, flexible simulation-based training platform, and expert-led professional services form a unified defense that results in superior security, less complexity, and immediate value. We build solutions that are sophisticated, yet easy to use and manage, so every business owner can get the hands-free cyber security they expect and the sleep-filled nights they deserve.  

About Aite-Novarica Group

Aite-Novarica Group is an advisory firm providing mission-critical insights on technology, regulations, strategy, and operations to hundreds of banks, insurers, payments providers, and investment firms—as well as the technology and service providers that support them. Comprising former senior technology, strategy, and operations executives as well as experienced researchers and consultants, our experts provide actionable advice to our client base, leveraging deep insights developed via our extensive network of clients and other industry contacts.


Monday, June 06, 2022

Attend ChannelCon FREE on Me!

I am a member of CompTIA and have been on various councils and forums for years. THE event of the year is CompTIA's ChannelCon event.

Now you can attend for free, compliments of Small Biz Thoughts!

Please Click Here to Register. )

And use the code CC22SmallBiz to register free.

ChannelCon 2022 is your chance to get back in the groove—an opportunity to reconnect and reinvigorate your business and your career. ChannelCon serves up a great playlist of information, tools, and networking opportunities. Join other tech innovators and thought leaders live for three days of learning, collaborating, and skill development.

Check out the whole agenda here: (still under construction, so check back).

Be a guest of Small Biz Thoughts

CompTIA ChannelCon 2022

August 2-4 in Chicago.

MEET US at booth 517!

Register now and I’ll see you at ChannelCon.


Saturday, June 04, 2022

All Games in Business are "The Long Game"

 I was re-listening to Mitch Joel's book Six Pixels of Separation recently (via Audible). Early on, he throws out an important statement and then scurries on to make a bigger point. But the key statement really struck a chord with me: Effective marketing takes time.

Okay. I know that sounds obvious. So why did it stand out to me?

Well . . . A lot of people come to me for advice. And very often they have one thing in common: They're in a hurry.

- How do I get a new client today?

- Where can I spending marketing dollars to make the phone ring today?

- How can I buy ads that get fast results?

- How do I turn around my company right now, because we've been losing money for years?

Similarly, I ask people why they invest in SEO schemes that cannot possible lead to sales (see The Truth about SEO). The answer is that they want to get people to click on their site or visit their web page . . . and the assumption is that those people will magically become clients.

I know everyone's in a hurry all the time. It's the way of the world. But success ultimately consists of consistent behavior repeated forever. With rare exceptions, no one becomes "suddenly successful." Success takes skill and experience. Both of those take time.

You may have heard the advice:

The best time to start building your marketing program is five years ago.
The second best time is right now!

And it's not just true for marketing. Building a successful business takes time. Building a good culture takes time. Building a brand takes time. Building good client relationships takes time. Building a great team takes time. 

The really great news is - It's never too late to start. Here are a few things to remember as you proceed.

First, plan for the long haul. In other words, plan for years of work ahead. Some people find that overwhelming or even depressing. But it's reality. You have to do what you can do today and this week. But you also have to have the long view. 

This is literally what a vision and mission are about. What will your successful future look like? That's your vision. How will you get there? That's your mission.

Most businesses can survive without a vision or mission. In fact, most do. But there's a big difference between survive and thrive. Very few businesses thrive without a vision or mission. And that brings us back to the long haul: The sooner you start working on the long-term goals, the sooner they can come true.

Second, do not treat exceptions like the rule. Time and time again, people like to argue about everything by pointing to some example that's far from normal. I often hear small business owners argue that they have to answer their phone at all hours of the day and night because a system might fail at midnight on Sunday. My answer is always, "If you build systems that fail all the time, you are probably in the wrong business." 

In reality, any given business-class system might have one important problem in a year. With luck, it's less. But you should not operate your entire business as if the world is about to end.

The same is true with marketing. Some one at some event told the story of advertising on Google or Twitter or Facebook and getting three new clients in a month. First of all, that story was probably a vast exaggeration. But, second, it was at least exceptional. Yes, in a normal distribution, someone is in the top one percent of performers. But 99% are not! In fact, by definition, 98% are within two standard deviations from the middle.

Third, the best way to approach the long haul is with a wide angle lens. In other words, consider "marketing" or "team building" very broadly. You can do a large variety of things for team building. You can give your team opportunities to get to know each other; you can create a working environment that enhances the team aspect of work; you can put out an internal newsletter. But if you something all the time, you will eventually have a team with self identity.

The same is true with marketing. You might do some email campaigns, some postal campaigns, hold in-person events, or sponsor a local recycling drive. Each of these is different, but they all contribute to doing something to promote your business.

Big corporations can spend hundreds of thousands, or even millions of dollars on each of these. And they might even be able to measure short-term results. But small companies can't do either of those things. The programs are smaller, they take lots of time, and the results are only measures after years of consistent effort.

Fourth, everything takes time. Lots of time. You need to be patient with yourself, your team, your marketing, etc. Be glad with positive results, but remember that "the game" is a lot more like Cricket than miniature golf: It takes a LONG time, and no one really understands the rules.

The reality is, we all know that it takes years to build great clientele, great businesses, great marketing, etc. That is, we know it intellectually, but we often act as if we'll suddenly have everything we need. The way I look at it is:

Yes, you might win the lottery,
but you should have a retirement fund just in case.

Personally, I enjoy the never-ending planning that comes with business. I enjoy trying new things. I keep what works and discard what doesn't. I constantly push forward on marketing, sales, team building, and client relationships. With luck, none of these will ever end.

The bottom line is: Relax - and start building your future today. You need to set and maintain a sustainable pace. You cannot run a series of non-stop marathons. You physically cannot. But you can walk, jog, or run for an hour every day. For some of you that's a mile or two and for some it's ten miles. In either case, your pace will be sustainable for years.

The tortoise wins the race because it goes at a sustainable pace.